Managing all your PINs is difficult. Banks acknowledge this by allowing and facilitating PIN
changes. However, choosing secure PINs is a difficult task for humans as they are incapable of
consciously generating randomness. This leads to certain PINs being chosen more frequently
than others, which in turn increases the danger of someone else guessing correctly. We
investigate different methods of supporting PIN changes and report on an evaluation of these
methods in a study with 152 participants. Our contribution is twofold: We introduce an
alternative to system-generated random PINs, which considers people’s preferred
memorisation strategy, and, secondly, we provide an indication that presenting guidance on how
to avoid insecure PINs does indeed nudge people towards more secure PIN choices when they
are in the process of changing their PINs.